
Container orchestration systems, including Kubernetes, are increasingly being deployed in the cloud, but not all those deployments are being done in a secure manner, according to a new report from Lacework, set to be released on June 19.

Lacework conducted an analysis of cloud-hosted container orchestration deployments and discovered 21,169 publicly facing container orchestration platforms. Of these, 300 deployments were found to have open administrative dashboards without any required access credentials.

"We used Shodan and our own crawler and port scanning in order to discover and fingerprint servers and then discover ones that were truly open versus authenticated," Dan Hubbard, Chief Security Architect, told eWEEK.

Shodan.io is a popular search service for discovering internet connected resources. Lacework, founded in 2015, is in the business of cyber-security visibility. The company's Polygraph platform provides security visibility into potential misconfigurations, threats and breaches inside of application infrastructure residing in data centers or in the cloud.

The issue of open container orchestration dashboards is not a new one and was also highlighted by security firm RedLock in a February 2018 report. RedLock found that electric automobile vendor Tesla had left its Kubernetes cluster open without any credentials and that it was being used by fraudsters to mine crypto-currency. More recently, security firm Kromtech reported on June 8 that a Kubernetes cluster operated by Weight Watchers was left open without authentication.

Kubernetes wasn't the only container orchestration system discovered by Lacework, but it was the most broadly deployed. Kubernetes represented 76 percent of the container orchestrators discovered in the cloud by Lacework, while 19 percent of clusters were running Docker Swarm.

AWS Hosts Most Discoverable Dashboards

Lacework's analysis found that 95 percent of the discoverable container orchestration system dashboards were hosted on Amazon Web Services (AWS). Lacework conducted its scanning during the first week of June, which coincidentally is also the week that Amazon made its managed Elastic Container Service for Kubernetes (EKS) service generally available. Kubernetes can be deployed by organizations on their own in AWS, or they can now choose to run EKS. For the Kubernetes clusters found with open dashboards on AWS, Hubbard said that they were installations outside of Amazon's EKS managed service.

"EKS deploys with a secure dashboard and management plane by default and I’m pretty sure you cannot edit that unless you run your own management," Hubbard said.

While discovering 300 entirely open container orchestration system dashboards is not a good thing, Hubbard agreed that it's safe to say that a large percentage of deployed container orchestration platforms are not open.

"This of course is only one aspect of security so hard to say if they are secure," Hubbard said. "Also an important note, we did not perform any brute force password or dictionary attacks so we cannot comment on how secure the authentication process is."

The Lacework report observed that the cluster orchestration system dashboards that were open to discovery on the internet could potentially disclose information that might be useful to attackers.

"Within most discovered systems, the company name could be derived from certificates and hostnames even without access," the report states. "These organizations, and the others who will replicate their mistakes, are opening themselves up to brute force password and dictionary attacks."

Best Practices

Looking specifically at Kubernetes, Hubbard recommended organizations take the following measures to improve security:

Configure Kubernetes pods to run read-only file systems

Restrict privilege escalation in Kubernetes

Build a pod security policy

Run Role Based Access Control (RBAC)
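The four measures above map directly onto fields in Kubernetes manifests. The following is an added example written for this page, not configuration from the article, from Lacework or from Hubbard: a hardened Pod that runs with a read-only root filesystem and no privilege escalation, a namespace that enforces a pod security profile, and a narrowly scoped RBAC Role bound to a single service account. The namespace name "demo", the pod and role names, the image reference and the "ops-viewer" service account are placeholders. One assumption is stated in the comments: PodSecurityPolicy, the mechanism the article refers to, was removed in Kubernetes 1.25, so the example uses its successor, Pod Security Admission, to enforce the "restricted" profile.

```yaml
# Added example for this page (not from the article or Lacework).
# Names, namespace and image are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: demo
  labels:
    # "Build a pod security policy": PodSecurityPolicy was removed in
    # Kubernetes 1.25; Pod Security Admission is its replacement. With
    # enforce=restricted, the API server rejects any pod in this namespace
    # that runs as root, allows privilege escalation, keeps capabilities,
    # or lacks a seccomp profile.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
---
apiVersion: v1
kind: Pod
metadata:
  name: hardened-app
  namespace: demo
spec:
  # The app does not call the API server, so do not hand it a token.
  automountServiceAccountToken: false
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: app
    image: registry.example.com/app:1.0      # placeholder image
    securityContext:
      readOnlyRootFilesystem: true           # "read-only file systems"
      allowPrivilegeEscalation: false        # "restrict privilege escalation"
      capabilities:
        drop: ["ALL"]
    volumeMounts:
    - name: tmp
      mountPath: /tmp                        # writable scratch space only
  volumes:
  - name: tmp
    emptyDir: {}
---
# "Run Role Based Access Control": a Role limited to reading pods in one
# namespace, bound to one service account instead of cluster-admin.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: demo
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: demo
subjects:
- kind: ServiceAccount
  name: ops-viewer
  namespace: demo
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

Apply it with `kubectl apply -f` on a cluster that has RBAC enabled (the default since Kubernetes 1.6). Two checks are worth running afterwards: `kubectl auth can-i --list --as=system:serviceaccount:demo:ops-viewer -n demo` shows that the bound account can only read pods, and removing `readOnlyRootFilesystem` or `allowPrivilegeEscalation: false` from the manifest and re-applying it shows the namespace's restricted profile rejecting the pod at admission time, which is the kind of configuration check a continual audit should catch before a workload reaches the cluster.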

Overall, Hubbard suggests that organizations understand their inventory of applications in public clouds and perform continual auditing and configuration scanning with compliance checks, for both workloads and security zone policies.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
